[Git][security-tracker-team/security-tracker][master] two libgd2 issues fixed in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Thu Jul 7 08:48:40 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
476cca0a by Moritz Muehlenhoff at 2022-07-07T09:48:13+02:00
two libgd2 issues fixed in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -57543,7 +57543,7 @@ CVE-2021-40814 (The Customer Photo Gallery addon before 2.9.4 for PrestaShop is
CVE-2021-40813 (A cross-site scripting (XSS) vulnerability in the "Zip content" featur ...)
NOT-FOR-US: Element-IT HTTP Commander
CVE-2021-40812 (The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds ...)
- - libgd2 <unfixed>
+ - libgd2 2.3.3-1
[bullseye] - libgd2 <no-dsa> (Minor issue)
[buster] - libgd2 <no-dsa> (Minor issue)
[stretch] - libgd2 <no-dsa> (Minor issue)
@@ -59291,13 +59291,11 @@ CVE-2021-3736 [uninitialized kernel stack may lead to information disclosure]
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1995570
CVE-2021-40145 (** DISPUTED ** gdImageGd2Ptr in gd_gd2.c in the GD Graphics Library (a ...)
- - libgd2 <unfixed>
- [bullseye] - libgd2 <no-dsa> (Minor issue)
- [buster] - libgd2 <no-dsa> (Minor issue)
- [stretch] - libgd2 <no-dsa> (Minor issue)
+ - libgd2 2.3.3-1 (unimportant)
NOTE: https://github.com/libgd/libgd/issues/700
NOTE: https://github.com/libgd/libgd/pull/713
NOTE: https://github.com/libgd/libgd/commit/c5fd25ce0e48fd5618a972ca9f5e28d6d62006af
+ NOTE: Negligible security impact
CVE-2021-40144
RESERVED
CVE-2021-40143 (Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HT ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/476cca0a3448f498781bded50852524c7f6c330c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/476cca0a3448f498781bded50852524c7f6c330c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220707/bdbe417e/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list